Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains how Signalor GEO (“Signalor”, “we”, “us”) collects, uses, and safeguards information when you use our website and services (the “Service”). By using the Service, you agree to the practices described below.

1. Information We Collect

We collect the following categories of information:

  • Account information: email address, name, password hash, and authentication identifiers (including Google OAuth IDs when you sign in with Google).
  • Workspace inputs: URLs you submit for analysis, brand and competitor configurations, prompts, and other content you provide.
  • Integration data: OAuth tokens and metadata from connected services (e.g. Google Analytics 4, Shopify). Tokens are encrypted at rest.
  • Crawl and analysis output: page content, schema, scoring results, and AI-generated reports we produce on your behalf.
  • Billing information: processed by our payment provider (Dodo Payments). We store payment, subscription, and invoice identifiers, but do not store full card numbers.
  • Usage and device data: log data, IP address, browser/device type, referrer, and timestamps of your interactions with the Service.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and maintain the Service;
  • Run analyses, generate reports, and deliver feature output;
  • Authenticate users and protect accounts from unauthorized access;
  • Process payments, subscriptions, and referral discounts;
  • Communicate with you about the Service, updates, and support requests;
  • Improve product performance, troubleshoot issues, and prevent abuse;
  • Comply with legal obligations and enforce our terms.

3. Legal Basis for Processing (EEA/UK Users)

Where the GDPR or UK GDPR applies, we process personal data on the basis of: performance of a contract with you; our legitimate interests in operating and improving the Service; your consent (where required, e.g. for certain cookies); and compliance with legal obligations.

4. Third-Party Services and Integrations

We use trusted third-party services to operate the platform. These providers process data only as needed to deliver their part of the Service:

  • Dodo Payments — payment processing, subscriptions, and invoices.
  • Google — OAuth sign-in and Google Analytics 4 (when you connect a GA4 property).
  • Shopify — store data when you connect a Shopify integration.
  • Google Gemini — AI processing for entity extraction, AI visibility checks, and competitor discovery. We send only the inputs needed to generate the requested output.
  • Hosting and infrastructure providers — for compute, storage, email delivery, and observability.

You may revoke an integration at any time from your account settings . When you disconnect, we stop accessing the third party and delete or invalidate the associated tokens.

5. Cookies and Similar Technologies

We use first-party cookies for authentication (session cookies) and to remember your preferences. Limited analytics cookies may be used to understand product usage. You can control cookies through your browser settings; disabling required cookies may affect functionality such as sign-in.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Analyzer crawl snapshots and integration data are retained for up to 90 days unless you request earlier deletion or your subscription requires a longer retention window.

7. Security

We use industry-standard safeguards including TLS in transit, encryption at rest for sensitive credentials (such as integration OAuth tokens), least-privilege access controls, and regular monitoring. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to or withdraw consent for certain processing. California residents have additional rights under the CCPA/CPRA, including the right to know what is collected and the right to opt out of certain sharing.

To exercise these rights, contact us using the details below. We will respond within the timeframe required by applicable law.

9. International Data Transfers

We and our service providers may process data in countries other than your own. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect personal data.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. Continued use of the Service after a change means you accept the updated policy.

12. Contact

For privacy-related questions, requests, or complaints, contact us at tech3@optiminastic.com.